Comptia Security +: Domain4 Application Security MCQs

These Comptia Security +: Domain4 Application Security multiple-choice questions and their answers will help you strengthen your grip on the subject of Comptia Security +: Domain4 Application Security. You can prepare for an upcoming exam or job interview with these 30 Comptia Security +: Domain4 Application Security MCQs.

1: The application is reviewed and specific vulnerabilities are documented in this phase of threat modeling

A.   Reflected XSS

B.   Network

C.   Cookies

D.   Vulnerability identification

2: Small text files downloaded and stored on a user's computer that contain information about the user's session and preferences

A.   Application gateways

B.   Cookies

C.   Peer to peer

D.   Transport

3: Key functionality (how the application works) is identified and an application diagram developed in this phase of threat modeling

A.   Application review

B.   Reflected and stored

C.   Cookie attacks

D.   Network

4: OSI layer that provides transparent transfer of data between end users

A.   Session cookie

B.   Transport

C.   Data link

D.   Cookie leaking

5: IP address exposure - download of worms/viruses circumventing the firewall - no way to track improper communication - messages in clear text are risks associated with

A.   Common off the shelf

B.   Packet sniffer

C.   IM

D.   Vbscript and jscript

6: OSI layer that provides interhost communication (Named Pipes)

A.   Application

B.   P2P

C.   ARP spoofing

D.   Session

7: COTS stands for

A.   Sandboxing

B.   Common off the shelf

C.   P2P

D.   Application

8: Security objectives placed on an application are identified - controlling the scope of the threat modeling process

A.   Input validation criteria

B.   Security objective definition

C.   Bytecode verifier

D.   Vulnerability identification

9: OSI layer that relates to the physical connection of two devices (i.e. RS-232)

A.   Data link

B.   Physical

C.   Persistent cookie

D.   Digitally signed java control

10: Phases of threat modeling

A.   Buffer overflow

B.   Input validation criteria

C.   Digitally signed java control

D.   Security objective definition - application review - application decomposition - threat identification - vulnerability identification

11: OSI model layers

A.   Cookie hijacking

B.   Application - Presentation - Session - Transport - Network - Data Link - Physical

C.   Cookie leaking

D.   Physical

12: Two types of buffer overflows

A.   Digitally signed java control

B.   Peer to peer

C.   Session

D.   Stack and heap

13: Categories of XSS

A.   Sandboxing

B.   Reflected and stored

C.   Java

D.   Cross-site scripting

14: Have a timeout value - are not deleted when the user closes their web browser - used to store user preferences and information about the user's connection

A.   Internet - Local Intranet - Trusted Sites - Restricted Sites

B.   Persistent cookie

C.   Zones

D.   Session - persistent - tracking

15: OSI layer that establishes - manages and terminates the connections between the local and remote application

A.   Session

B.   Network

C.   Stored XSS

D.   Security objective definition - application review - application decomposition - threat identification - vulnerability identification

16: Security zone options offered by Internet Explorer

A.   Session - persistent - tracking

B.   Internet - Local Intranet - Trusted Sites - Restricted Sites

C.   XSS attacks

D.   XSS

17: A named collection of Web sites that can be assigned a specific security level

A.   Internet - Local Intranet - Trusted Sites - Restricted Sites

B.   Session - persistent - tracking

C.   Zones

D.   Reflected XSS

18: Can filter out most buffer overflow attacks

A.   Application gateways

B.   Data link

C.   Packet sniffer

D.   Vulnerability identification

19: OSI layer 2 - verify the connection between two devices is intact (i.e. physical addressing)

A.   Javascript

B.   Zones

C.   Heap

D.   Data link

20: A method of code signing - allows developers to obtain digital certificate generated by a certificate authority and digitally sign ActiveX controls

A.   Network

B.   Application

C.   Application decomposition

D.   Authenticode

21: Threats to defined security objects are identified using knowledge gained during application decomposition in this phase of threat modeling

A.   Threat identification

B.   Javascript

C.   Application

D.   Persistent cookie

22: Attack that occurs when a user navigates to a web site and hostile content is automatically downloaded and executed

A.   Drive by download

B.   Session cookie

C.   Input validation

D.   Cookie poisoning

A.   Cookie poisoning

B.   ARP spoofing

C.   Threat identification

D.   IM

24: OSI layer responsible for end-to-end connections and reliability (i.e. TCP)

A.   Transport

B.   Session

C.   P2P

D.   Reflected and stored

25: OSI layer that provides the means to transfer data between network entities and detect/correct errors that may occur in the physical layer

A.   Java

B.   ActiveX

C.   Application review

D.   Data link

26: A scripting language - developed by Netscape to perform client-side web development

A.   Internet - Local Intranet - Trusted Sites - Restricted Sites

B.   Authenticode

C.   Data link

D.   Javascript

27: Enforce application software restrictions - virus scan all files - restrict folders shared by other P2P clients are safeguards for

A.   P2P

B.   Peer to peer

C.   Common off the shelf

D.   Persistent cookie

28: Used by java to verify the code for a list of predetermined insecurities

A.   Bytecode verifier

B.   Cookie poisoning

C.   Security objective definition

D.   Reflected and stored

29: A programming language - developed by Sun - used to make small applications (applets) for the Internet and stand alone programs

A.   Input validation criteria

B.   Open mail relay

C.   Javascript

D.   Java

30: Scripting languages - developed by Microsoft to allow developers to extend and reuse web functionality

A.   Digitally signed java control

B.   Vbscript and jscript

C.   Bytecode verifier

D.   Data link